TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-14 12:47:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

passkeys set

Browse Source
This commit is contained in:
peintnermax
2024-09-17 13:28:12 +02:00
parent c1a487c233
commit f03a50fdcb
2 changed files with 44 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
apps/login/readme.md
View File

@@ -83,6 +83,8 @@ If no previous condition is met we throw an error stating the user was not found
> NOTE: We ignore `loginSettings.allowExternalIdp` as the information whether IDPs are available comes as response from `getActiveIdentityProviders(org?)`. If a user has a cookie for the same loginname, a new session is created regardless and overwrites the old session. The old session is not deleted from the login as for now. > NOTE: We ignore `loginSettings.allowExternalIdp` as the information whether IDPs are available comes as response from `getActiveIdentityProviders(org?)`. If a user has a cookie for the same loginname, a new session is created regardless and overwrites the old session. The old session is not deleted from the login as for now.
> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f methods or passkeys. The check whether a user should be redirected to one of the pages `/passkey` or `/u2f`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
### /password ### /password
This page shows a password field to hydrate the current session with password as a factor. This page shows a password field to hydrate the current session with password as a factor.
@@ -107,6 +109,8 @@ If the user has set up an additional **single** second factor, it is redirected
If none of the previous conditions apply, we continue to sign in. If none of the previous conditions apply, we continue to sign in.
> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f methods or passkeys. The check whether a user should be redirected to one of the pages `/passkey` or `/u2f`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
### /otp/[method] ### /otp/[method]
This page shows a code field to check an otp method. The session of the user is then hydrated with the respective factor. Supported methods are `time-based`, `sms` and `email`. This page shows a code field to check an otp method. The session of the user is then hydrated with the respective factor. Supported methods are `time-based`, `sms` and `email`.
@@ -154,6 +158,8 @@ Requests to the APIs made:
When updating the session for the webAuthN challenge, we set `userVerificationRequirement` to `UserVerificationRequirement.REQUIRED` as this will request the webAuthN method as primary method to login. When updating the session for the webAuthN challenge, we set `userVerificationRequirement` to `UserVerificationRequirement.REQUIRED` as this will request the webAuthN method as primary method to login.
After updating the session, the user is signed in. After updating the session, the user is signed in.
> NOTE: This page currently does not check whether a user contains passkeys. If this method is not available, this page should not be used.
### /mfa/set ### /mfa/set
This page loads login Settings and the authentication methods for a user and shows setup options. This page loads login Settings and the authentication methods for a user and shows setup options.
@@ -175,6 +181,8 @@ At the moment, U2F methods are hidden if a method is already added on the users
> NOTE: The session and therefore the user factor defines which login settings are checked for available options. > NOTE: The session and therefore the user factor defines which login settings are checked for available options.
> NOTE: `listAuthenticationMethodTypes()` does not consider different domains for u2f or passkeys. The check whether a user should be redirected to one of the pages `/passkey/set` or `/u2f/set`, should be extended to use a domain filter (https://github.com/zitadel/zitadel/issues/8615)
### /passkey/set ### /passkey/set
<img src="./screenshots/passkeyset.png" alt="/passkey/set" width="400px" /> <img src="./screenshots/passkeyset.png" alt="/passkey/set" width="400px" />
@@ -188,6 +196,11 @@ Requests to the APIs made:
- `registerPasskeyLink()` - `registerPasskeyLink()`
- `verifyPasskey()` - `verifyPasskey()`
If the loginname decides to redirect the user to this page, a button to skip appears which will sign the user in afterwards.
If a passkey is registered, we redirect the user to `/passkey` to again verify it and sign in with the new method.
> NOTE: Redirecting the user to `/passkey` will not be required in future and the currently used session will be hydrated directly after registering. (https://github.com/zitadel/zitadel/issues/8611)
### /otp/[method]/set ### /otp/[method]/set
### /u2f/set ### /u2f/set

36
apps/login/src/ui/RegisterPasskey.tsx
View File

@@ -148,29 +148,14 @@ export default function RegisterPasskey({
if (authRequestId) { if (authRequestId) {
params.set("authRequestId", authRequestId); params.set("authRequestId", authRequestId);
params.set("sessionId", sessionId); params.set("sessionId", sessionId);
// params.set("altPassword", ${false}); // without setting altPassword this does not allow password
// params.set("loginName", resp.loginName);
router.push("/passkey?" + params); router.push("/passkey?" + params);
} else { } else {
router.push("/accounts?" + params); continueAndLogin();
} }
} }
return ( function continueAndLogin() {
<form className="w-full">
{error && (
<div className="py-4">
<Alert>{error}</Alert>
</div>
)}
<div className="mt-8 flex w-full flex-row items-center">
{isPrompt ? (
<Button
type="button"
variant={ButtonVariants.Secondary}
onClick={() => {
if (authRequestId) { if (authRequestId) {
const params = new URLSearchParams({ const params = new URLSearchParams({
authRequest: authRequestId, authRequest: authRequestId,
@@ -197,6 +182,23 @@ export default function RegisterPasskey({
router.push("/signedin?" + params); router.push("/signedin?" + params);
} }
}
return (
<form className="w-full">
{error && (
<div className="py-4">
<Alert>{error}</Alert>
</div>
)}
<div className="mt-8 flex w-full flex-row items-center">
{isPrompt ? (
<Button
type="button"
variant={ButtonVariants.Secondary}
onClick={() => {
continueAndLogin();
}} }}
> >
skip skip